Damodaran Committee underlines need for zero-liability online banking
Moneylife Digital Team 05 August 2011

The RBI panel on banking customer services list various measures to enhance convenience for customers and safety of electronic transactions

The Damodaran Committee on banking customer services says there should be zero-liability on customers for any loss in electronic transactions. "Internet banking should be so designed as to encourage consumers to feel safe about electronic transactions," the committee, appointed by the Reserve Bank of India, said in its report that was published on Wednesday.

The committee has said, "There should be a secure total protection policy/zero-liability against loss for any customer induced transaction, utilising technology through ATMs (automated teller machines)/PoS (point of sales)/online banking, etc. A customer should not be made to be out of funds when any loss is suffered on account of Net (Internet)/ATM banking transactions."

The panel, headed by M Damodaran, former chairman of the Securities and Exchange Board, has dwelt extensively with the use of technology in its report.

It has suggested that banks introduce a mechanism where customers have the choice to restrict account-to-account transfers from IP (Internet protocol) addresses of their choice. "A customer should also have the option of requesting blocking the transaction if the IP address is from a different country. In fact, this should be the default option. Any change of option should be possible with ease through the call centre or online," the report said.

The committee has also recommended that banks introduce a fund transfer facility which can be activated by the call centre on a need basis and deactivated once the transfer is completed; facilitating a system based on the customer's behaviour/ purchase and pattern analysis to block any attempt from an unspecified address / suspicious outlier debit transaction and to inform the customer by SMS.
It described the need to also put in place systems like multi-factor authentication to minimise instances of fraud and to restrict the amounts that can be transferred online by prescribing a day cap, or a ceiling amount per transfer.

On the matter of cash not delivered at ATMs, withdrawals through cloned cards, credit card debits not authorised by customers and Internet banking fraud, the committee said that international best practises should be followed and that the customer should be afforded temporary credit immediately, after taking a suitable undertaking.

"The banks should facilitate early reporting of the above (offences), by prescribing appropriate rules that will allow/provide a temporary credit which refunds the full amount, pending detailed investigation. The reporting timelines can also be linked with an amount which would act as the maximum customer liability," the panel has said.

The committee said that in the case of frauds not committed by the customer, the transactions cannot be valid as they are not authorised by the customer. "Instead of the bank putting the onus on the customer to prove that he has not done the transaction or caused it to happen, the onus should be on the bank to prove that the customer has done the transaction. Negligence, if any, on the part of the customer does not deprive him of customer/consumer rights," the committee said.

On mobile banking, the committee recommended that there should be tiered security for different parameters such as transaction value, destination  of  transaction  (two-level authorisation for non-routine destinations), security based on hand-sets, and the frequency of payments. All the grievances of mobile banking should be addressed by the banks only, without referring the customer to the service providers. The agreements of the banks with the telecom service providers should incorporate suitable provisions to address mobile banking grievances.

The report also suggested installing a cash bin in ATMs so that the money withdrawn falls into this container from where it is picked up by the customer and all this is recorded by a small camera, which would be helpful in the event of a complaint over ATM withdrawal.

The committee has also suggested providing a reply-back SMS facility to intimate that the card has not been used. It says that a customer should be allowed to block the ATM card if he finds it is misused, by simply sending an SMS with the word 'BLOCK' to prevent further withdrawal, as considerable time is otherwise lost in locating the numbers of accounts, phone numbers, etc, giving the fraudsters more time to get away with the fraud.

Kanwar Mehta
1 decade ago
Good thinking. This will create confidence of customer in our banking system
arun adalja
1 decade ago
good suggestion to put container so that cash coming out of atm machine will fell on the container with cctv camera.i found that some banks are providing 3 to 4 atm machines in a line so that secrecy is violeted and there is no table to count the notes and rubberbands are not provided particularly icici bank must do such things as they do not have this facility.
Free Helpline
Legal Credit